Nuclear plants emphasizing cyber security amid new concerns

by Cody Combs

Nuclear plant operators in West Michigan say cyber security plans are strong as concerns about hacking increase across the country.

(NEWSCHANNEL 3) – The Nuclear Regulatory Commission is currently responding to requests and concerns from several elected officials in Washington regarding information about “foreign hackers” possibly targeting nuclear plants.

In a letter to Massachusetts Senator Edward Markey (D), the NRC insisted it would be in correspondence with more information on the topic.

“This is to acknowledge receipt your letter…regarding your request for information about reports that foreign hackers compromised the cyber security of U.S. nuclear power plant operators.”

Concerns about nuclear plant cyber security have been mounting after the New York Times reported that hackers had been targeting and in some cases, accessing computer networks of parent companies who operate nuclear reactors.

According to the New York Times, one of the companies coming under attack from hackers owns and operates a plant in Kansas.

The Newschannel 3 I-Team reached out to officials at both Palisades and Cook Nuclear plant with inquiries about Cyber Security.

Spokespeople for both plants say their facilities are safe and are not targeted by hackers.

“Every nuclear power facility must meet the NRC’s regulations for an approved cybersecurity program which includes strict controls on removable media, configuration management, vulnerability assessments, and user training including insider threat identification,” wrote Viktoria Mitlyng, a Public Affairs Officer with the NRC.

Bill Schalk, Communications Manager for the Cook Nuclear Plant says cyber security has been a priority for many years, and that the plant will have completed all the NRC’s cyber security requirements by the end of 2017.

“We’ve been very aggressive in cyber security,” he said. “The safety and security systems in the plant have an air gap, you can’t have data transmitted in [the plant].” He added, explaining the security of the computers within the plant itself.

“Palisades have fully implemented the NRC cybersecurity enhancements required to date as well as other related cyber protections,” she said, adding that the Palisades safety and control systems are not connected to the internet.”

The I-Team learned that both Palisades and Cook plants have previously requested implementation delays for certain cyber security standards, but those delays were granted by the NRC, which has emphasized that both plants are in compliance with cyber security standards.

Schalk said the implementation delays are strategic.

“There’s new intelligence out there, and with that we want to take some of the earlier work we did, and improve it,” he said.